BY Marketing Ground Labs | 17 May 2013
When dealing with cardholder data discovery projects, we often get a lot of questions about the anatomy of a credit card, things like the PAN number, BIN ranges, and Luhn checks. We thought some clarification was needed so we will describe below what a PAN number is made of, what BIN ranges refer to, and how you can use the Luhn algorithm (also known as Mod 10) to validate a credit card using pen and paper.
A credit card number, for example 1234567812345678, consists of 3 parts:
The first digit of the card represents the category of industry (IIN) that issued your credit card. For example, if you use VISA or MasterCard, your card's first digit should be either 4 or 5, as they are from the banking and financial industry. American Express is in the travel category, and cards issued by them have 3 as the first digit. This is why some websites can automatically identify a valid card number after just one keystroke.
Below are some BIN numbers associated with related brands. As you can see, the length of a credit card number varies depending on the brand, and they are not all 16 digits.
Credit card brand
Bank identification number prefix
Credit card number length
Diners Club Carte Blanche
Diners Club International
Diners Club US and Canada
The final digit of your credit card number is a check digit, akin to a checksum. The algorithm used to arrive at the proper check digit is called the Luhn algorithm, after IBM scientist Hans Peter Luhn (1896-1964).
The Luhn algorithm, also known as a Mod 10 calculation, can be used to validate primary account numbers.
How does it work using pen and paper?
Working through the Luhn algorithm by hand takes a few steps:
1. Write down the credit card number:
4417 1234 5678 9113
2. Starting from the first number, double every other digit.
4(x2) 4 1(x2) 7 1(x2) 2 3(x2) 4 5(x2) 6 7(x2) 8 9(x2) 1 1(x2) 3
The doubled numbers result in: 8 2 2 6 10 14 18 2
3. If the result of the doubling is a two-digit number, add those two digits together:
10 = 1+0, 14 = 1+4, 18 = 1+8
4. Add up all numbers: 8+4+2+7 + 2+2+6+4 + 1+0+6+1+4+8 + 1+8+1+2+3 = 70
If the final sum is divisible by 10, then the credit card is valid. If it is not divisible by 10, the number is invalid or fake. In the above example, credit card number 4417 1234 5678 9113 has passed the Luhn test.
The Luhn algorithm will detect almost any single-digit error, such as someone mistyping numbers when they put in their credit card. The Luhn algorithm does not protect against malicious attacks, nor is it intended to. It is primarily a safeguard against simple user errors. Most credit cards and many government identification numbers use this check as a simple method to distinguish valid numbers from random digits.
That said, your business shouldn’t have to work out the Luhn algorithm by hand. A cardholder data discovery program, like Card Recon, can scan thousands of credit cards and instantly determine which entries are valid and which ones might be an attempt at unauthorized use.
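The pen-and-paper steps above, together with the kind of scan a discovery program performs, as an added Python example (not Ground Labs or Card Recon code). It doubles every second digit counting from the right, which gives the same result as starting from the first digit on a 16-digit number and also works for odd lengths such as 15-digit cards. The function names, the 13-19 digit candidate pattern, the masking and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: candidate PANs are 13-19 digits, optionally split by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_sum(digits: str) -> int:
    """Mod 10 sum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # the digit next to the check digit, then every other one
            d *= 2
            if d > 9:
                d -= 9      # same as adding the two digits: 14 -> 1 + 4 = 5
        total += d
    return total

def luhn_valid(number: str) -> bool:
    digits = re.sub(r"[ -]", "", number)
    return digits.isdigit() and luhn_sum(digits) % 10 == 0

def check_digit(partial: str) -> int:
    """Digit that, appended to `partial`, makes the whole number pass."""
    return (10 - luhn_sum(partial + "0") % 10) % 10

def mask(digits: str) -> str:
    """Keep first six and last four digits so reports never hold full PANs."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_pans(text: str) -> list[str]:
    """Masked form of every candidate in `text` that passes the Luhn test."""
    hits = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(mask(digits))
    return hits

# Constructed sample input (not real cardholder data).
SAMPLE = """\
order=1001 card=4417 1234 5678 9113 status=ok
order=1002 card=4417-1234-5678-9112 status=declined
order=1003 card=378282246310005 status=ok
tracking=1234567812345678
"""

if __name__ == "__main__":
    print(luhn_sum("4417123456789113"))
    print(find_pans(SAMPLE))
```

A Luhn pass only says the digits are self-consistent, so a scanner like this still reports false positives on long numeric identifiers that happen to sum to a multiple of 10.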